20220304

2 years ago · 09d8a6e804
6 changed files with 118 additions and 18 deletions
--- a/README.md
+++ b/README.md
@ -7,8 +7,6 @@
				@@ -7,8 +7,6 @@

 ![](https://i.bmp.ovh/imgs/2020/12/7a1eee25c16d2d81.png)

-
-
 ![](https://i.bmp.ovh/imgs/2020/12/abba0af566f3c16a.png)


@ -46,7 +44,7 @@ docker run -itd --name="onenav" -p 80:80 \
				@@ -46,7 +44,7 @@ docker run -itd --name="onenav" -p 80:80 \
 * `PASSWORD`：设置密码，上述设置为`xiaoz.me`
 * `/data/onenav`：本机挂载目录，用于持久存储Onenav数据

-> 更多说明，请参考帮助文档：https://www.yuque.com/helloz/onenav
+> 更多说明，请参考帮助文档：https://dwz.ovh/onenav

 ## Demo

--- a/class/Api.php
+++ b/class/Api.php
@ -417,27 +417,59 @@ class Api {
				@@ -417,27 +417,59 @@ class Api {
    }
    /**
     * 查询链接
+     * 接收一个数组作为参数
     */
-    public function link_list($page,$limit,$token = ''){
-        $offset = ($page - 1) * $limit;
+    public function link_list($data){
+        $limit = $data['limit'];
+        $token = $data['token'];
+        $offset = ($data['page'] - 1) * $data['limit'];
+        $fid = @$data['category_id'];
+        
+        //如果存在分类ID，则根据分类ID进行查询
+        if ($data['category_id'] != null) {
+            
+            $cid_sql = "WHERE fid = $fid";
+            //统计链接总数
+            $count = $this->db->count('on_links','*',[
+                'fid'   =>  $fid
+            ]);
+        }
+        else{
+            //统计链接总数，没有分类ID的情况
+            $count = $this->db->count('on_links','*');
+        }
        //如果成功登录，但token为空
        if( ($this->is_login()) && (empty($token)) ){
-            //统计总数
-            $count = $this->db->count('on_links','*');
-            $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
+            $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links ${cid_sql} ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
        }
        
        //如果token验证通过
        elseif( (!empty($token)) && ($this->auth($token)) ) {
-            //统计总数
-            $count = $this->db->count('on_links','*');
-            $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
+            $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links ${cid_sql} ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
        }
+        //如果即没有登录成功，又没有token，则默认为游客
        else{
-            //统计总数
-            $count = $this->db->count('on_links','*',[ 'property'   =>  0 ]);
-            $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links WHERE property = 0 ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
+            $cid_sql = empty($fid) ? null : "AND fid = $fid";
+            if($cid_sql == null) {
+                //统计链接总数，不存在分类ID的情况
+                $count = $this->db->count('on_links','*',[ 'property'   =>  0 ]);
+            }
+            else{
+                //统计链接总数，存在分类ID的情况
+                $count = $this->db->count('on_links','*',[ 
+                    'property'  =>  0,
+                    'fid'       =>  $fid 
+                ]);
+            }
+            
+            $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links WHERE property = 0 ${cid_sql} ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
        }
+
+        //打印SQL
+        //echo $sql;
+
+        //如果查询的总数大于limit，则以limit为准
+        $count = ( $count > $limit) ? $limit : $count;
       
        //原生查询
        $datas = $this->db->query($sql)->fetchAll();
@ -449,6 +481,47 @@ class Api {
				@@ -449,6 +481,47 @@ class Api {
        ];
        exit(json_encode($datas));
    }
+    /**
+     * 查询单个链接
+     * 此函数接收一个数组
+     */
+    public function get_a_link($data) {
+        $id = $data['id'];
+        $token = $data['token'];
+        $link_info = $this->db->get("on_links","*",[
+            "id"    =>  $id
+        ]);
+        //打印链接信息
+        //var_dump($link_info);
+        //如果是公开链接，则直接返回
+        if ( $link_info['property'] == "0" ) {
+            $datas = [
+                'code'      =>  0,
+                'data'      =>  $link_info
+            ];
+            
+        }
+        //如果是私有链接，并且认证通过
+        elseif( $link_info['property'] == "1" ) {
+            if ( $this->auth($token) ) {
+                $datas = [
+                    'code'      =>  0,
+                    'data'      =>  $link_info
+                ];
+            }
+            
+            //exit(json_encode($datas));
+        }
+        //如果是其它情况，则显示为空
+        else{
+            $datas = [
+                'code'      =>  0,
+                'data'      =>  []
+            ];
+            //exit(json_encode($datas));
+        }
+        exit(json_encode($datas));
+    }
    /**
     * 验证是否登录
     */
--- a/controller/api.php
+++ b/controller/api.php
@ -54,6 +54,9 @@ switch ($method) {
				@@ -54,6 +54,9 @@ switch ($method) {
    case 'check_weak_password':
        check_weak_password($api);
        break;
+    case 'get_a_link':
+        get_a_link($api);
+        break;
    default:
        # code...
        break;
@ -173,11 +176,19 @@ function link_list($api){
				@@ -173,11 +176,19 @@ function link_list($api){
    $limit = empty(intval($_GET['limit'])) ? 10 : intval($_GET['limit']);
    //获取token
    $token = $_POST['token'];
-    $api->link_list($page,$limit,$token);
+    //获取分类ID
+    $category_id = empty($_POST['category_id']) ? null : intval($_POST['category_id']);
+    $data = [
+        'page'          =>  $page,
+        'limit'         =>  $limit,
+        'token'         =>  $token,
+        'category_id'   =>  $category_id
+    ];
+    $api->link_list($data);
 }

 /**
- * 获取链接信息
+ * 获取链接标题、描述等信息
 */
 function get_link_info($api) {
    //获取token
@ -187,6 +198,17 @@ function get_link_info($api) {
				@@ -187,6 +198,17 @@ function get_link_info($api) {
    $api->get_link_info($token,$url);
 }

+/**
+ * 获取一个链接的信息，指存储在数据库的信息
+ */
+function get_a_link($api) {
+    //获取token
+    $data['token'] = htmlspecialchars($_POST['token']);
+    //获取链接的ID
+    $data['id'] = intval(htmlspecialchars($_GET['id']));
+    $api->get_a_link($data);
+}
+
 /**
 * 添加自定义js
 */
--- a/controller/login.php
+++ b/controller/login.php
@ -23,7 +23,8 @@ if( $_GET['check'] == 'login' ) {
				@@ -23,7 +23,8 @@ if( $_GET['check'] == 'login' ) {
    header('Content-Type:application/json; charset=utf-8');
    if( ($user === $username) && ($pass === $password) ) {
        $key = md5($username.$password.'onenav');
-        setcookie("key", $key, time()+30 * 24 * 60 * 60,"/");
+        //开启httponly支持
+        setcookie("key", $key, time()+30 * 24 * 60 * 60,"/",NULL,false,TRUE);
        $data = [
            'code'      =>  0,
            'msg'   =>  'successful'
--- a/data/update.log
+++ b/data/update.log
@ -37,4 +37,9 @@ CREATE INDEX on_options_key_IDX ON on_options ("key");
				@@ -37,4 +37,9 @@ CREATE INDEX on_options_key_IDX ON on_options ("key");
 1. 修复默认主题字体图标不显示

 20220225
-1. 修复一处安全漏洞
+1. 修复一处安全漏洞
+
+20220304
+1. 新增HttpOnly支持
+2. API新增查询单个链接信息get_a_link
+3. API支持查询指定分类下的链接link_list，传递参数category_id
--- a/templates/default/index.php
+++ b/templates/default/index.php
@ -194,6 +194,7 @@
				@@ -194,6 +194,7 @@
 	<div class="mdui-divider" style = "margin-top:2em;"></div>
 	<!--正文内容部分END-->
 	<!-- footer部分 -->
+	<!-- 未经作者授权，请勿去掉版权，否则可能影响作者更新代码的积极性或直接放弃维护此项目。 -->
 	<footer>
 		© 2022 Powered by <a target = "_blank" href="https://github.com/helloxz/onenav" title = "简约导航/书签管理器" rel = "nofollow">OneNav</a>.The author is <a href="https://www.xiaoz.me/" target="_blank" title = "小z博客">xiaoz.me</a>
 	</footer>